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DECISION ON APPEAL 



Appellants appeal under 35 U.S.C. § 134 from a final rejection of 
claims 1 and 3-20. Claim 2 has been cancelled. We have jurisdiction under 
35 U.S.C. § 6(b). 
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STATEMENT OF CASE 
The Invention 

According to Appellants, the invention is a system and process for 
issuing tokens in a Public Key Infrastructure such that a unique and certified 
token ID number is issued to a certified user ID number (Spec. 1). The 
method processes tokens or smart cards in a Public Key Infrastructure (PKI) 
and binds a certified token ID number to a certified user ID number in a 
database for an organization (Spec. 1, [0001]). 

Each token (or smart card) is given a unique ID by the token 
manufacturer (Spec. 2, [0003] and Spec. 7, [0024]). To get a token, a user 
presents his or her credentials to the Tokenizing Officer or personal 
registration authority who reviews the user's credentials (Spec. 8, [0027] and 
[0028]). Tokenizing Officers are authorized members of the enterprise that 
act as an agent to issue tokens to users (Spec. 2, [0004]). The Tokenizing 
Officer enters the user's ID number, organization and token ID number into 
an E-form Request Web page, signs the Request and sends it to the 
Certificate Management System (CMS) or Certificate Authority (Spec. 7, 
[0024], Spec. 8, [0028] and Fig. 2, elements 230 and 240). The CMS checks 
for existing tokens for the user and revokes any certificates/public keys 
contained on the token (Spec. 8, [0028] and Figure 2, element 250). 
Normally, only one token is issued to a user (Spec. 8, [0028]). 
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Exemplary Claim(s) 
Exemplary independent claim 1 under appeal reads as follows: 

1 . A token issuance and binding process comprising: 

providing a plurality of tokens, each token having a unique ID number 
stored therein; 

generating a unique public/private key pair for each token; 

storing each token ID number and corresponding public key in a 
directory/database; 

storing each private key in its respective token; 

binding a unique ID number of a user to a corresponding one of the 
plurality of tokens by storing said correspondence there between in the 
directory/database; and 

reviewing, by a Tokenizing Officer, credentials of the user and 
forwarding the user ID number and the token ID number to a CMS 
(Certificate Management System) along with an E-form (electronic form) 
request and signature of the Tokenizing Officer, wherein the Tokenizing 
Officer comprises a person. 

Prior Art 

The prior art relied upon by the Examiner in rejecting the claims on 
appeal is: 

Carlsson US 6,490,367 Bl Dec. 3, 2002 

Burn US 2003/0005291 Al Jan. 2, 2003 
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Rejections 

The Examiner rejected claims 1 and 3-20 under 35 U.S.C. § 103(a) as 
being unpatentable over the combination of Burn and Carlsson. 

ISSUES 

(1) Appellants contend the subject matter of claims 1 and 1 1 would 
not have been obvious over the combination of Burn and Carlsson because 
Carlsson teaches forwarding a sequence number not a token ID number 
(App. Br. 8-10 and 12-14). Appellants assert a sequence number cannot be a 
token ID number since claims 7 and 1 7 recite a signature certificate/private 
and associated private key which differentiates the token ID number recited 
in claim 1 (App. Br. 7-9 and 11-14). Appellants further assert replacing the 
sequence ID in the Carlsson system with the HTP ID number of Burn would 
not have been obvious. Appellants therefore argue since the combined Burn 
and Carlsson does not teach each and every element of claim 1 and claim 1 1 , 
one of ordinary skill in the art would not have been motivated to combine 
the system of Burn with the Tokenizing Officer of Carlsson (App. Br. 10 and 
13). Appellants further argue a skilled artisan would not have reasonably 
elected trading the benefit of security for that of convenience (Rep. Br. 4-5). 

The Examiner finds the Tokenizing Officer forwards a token ID 
number that may be either the sequence number of Carlsson or the HTP # 
number of Burn (Ans. 1 1 and 16). Further, the Examiner finds a skilled 
artisan would have been motivated to combine the Burn system with the 
Tokenizing Officer of Carlsson to add another layer of security to the Burn 
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system (Ans. 1 1 and 16). The Examiner notes that the test for obviousness 
is not that the claimed invention must be expressly suggested in any one or 
all of the references. (Ans. 1 1 and 17). Instead, citing In re Keller, 642 F.2d 
413 (CCPA 1981), the Examiner states the test is what the teachings of the 
references would have suggested to those of ordinary skill in the art (Ans. 
11-12 and 17). 

Issue 1 : Have Appellants shown the Examiner erred in finding one 
skilled in the art would have been motivated to combine the Burn security 
system with the Tokenizing Officer of Carlsson since Carlsson teaches use 
of a sequence number and the HTP # of Burn is not the same type of number 
and adding the Tokenizing Officer of Carlsson would trade the convenience 
of the Burn system for the security of the Carlsson system? 

(2) Appellants contend the Examiner erred in rejecting claim 3 as 
being obvious over the combination of Burn and Carlsson because the cited 
reference Carlsson does not teach or suggest checking for redundant user 
tokens and revoking any such user tokens (App. Br. 10-11 and 14). 

The Examiner finds Carlsson teaches the administrator manages and 
revokes cards and is responsible for preventing unauthorized users from 
gaining access to tokens not assigned to them and thus teaches checking for 
redundant user tokens and revoking any such user tokens (Ans. 12-13). 

Issue 2: Has the Examiner erred in finding Carlsson teaches checking 
for redundant user tokens and revoking any such user tokens? 

We AFFIRM. 
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FINDINGS OF FACT 
The following Findings of Fact (FF) are shown by a preponderance of 
the evidence. 

Burn 

(1) The prior art Bum describes a hardware token (HTP) self 
enrollment process and system. 

(2) Tokens are assigned unique token identifiers (HTP ID #), 
personal identification numbers (PINs) randomly generated for a user and 
administrator, and two randomly generated key pairs during an initialization 
process (p. 3, [0036]). 

(3) Once the user obtains an initialized HTP, that user engages in 
an enrollment process the result of which affiliates the user with a particular 
token (p. 4, [0041]). An enrollment request including the HTP ID #, New 
User ID, New User Pin and personal identification data such as employee 
number, social security number, etc., is sent to a certificate authority (p. 4, 
[0041] and Fig. 7, element 220). 

Carlsson 

(4) The prior art Carlsson teaches a system for administering 
certificates in a distributed system including generating, distributing and 
revoking certficates (Abstract). 

(5) A sequence number of a certificate is compared with previous 
numbers (col. 6, 11. 23-25 and claim 15). 
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(6) A Certification Authority (CA) administrator is a person with 
authorization to issue user certificates (col. 5, 11. 56-58). A CA checks that a 
user is entitled to certification and verifies the user's identity (col. 8, 11. 
19-21). An administrator completes a form requesting a certificate with user 
information and validity periods and forwards the certificate request along 
with a service life, a sequence number and the administrator's signature to a 
CA centre (col. 8, lines 28-37). The IC card or token is personalized by 
adding the certificate (which includes the sequence number), private key and 
other things (col. 8, 11. 58-60). 

(7) A certificate is revoked when a certificate has become invalid 
as determined by the administrative rules of the organization (col. 9, 11. 
14-20). Revocation may occur, for example, when a user has died, or when 
other conditions set by the organization occur (col. 9, 11. 15-17). 

PRINCIPLES OF LAW 

Appellants have the burden on appeal to the Board to demonstrate 
error in the Examiner's position. See In re Kahn, 441 F.3d 977, 985-86 
(Fed. Cir. 2006) ("On appeal to the Board, an applicant can overcome a 
rejection [under § 103] by showing insufficient evidence of prima facie 
obviousness or by rebutting the prima facie case with evidence of secondary 
indicia of nonobviousness.") (quoting In re Rouffet, 149 F.3d 1350, 1355 
(Fed. Cir. 1998)). 

"Section 103 forbids issuance of a patent when 'the differences 
between the subject matter sought to be patented and the prior art are such 
that the subject matter as a whole would have been obvious at the time the 
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invention was made to a person having ordinary skill in the art to which said 

subject matter pertains.'" KSRInt'lCo. v. Teleflex Inc., 127 S. Ct. 1727, 

1734 (2007). In KSR, the Supreme Court emphasized "the need for caution 

in granting a patent based on the combination of elements found in the prior 

art," id. at 1739, and discussed circumstances in which a patent might be 

determined to be obvious without an explicit application of the teaching, 

suggestion, motivation test. 

In particular, the Supreme Court emphasized "the principles laid down 

in Graham reaffirmed the 'functional approach' of Hotchkiss, 1 1 How. 248." 

KSR at 1739 (citing Graham v. John Deere Co., 383 U.S. 1, 12 (1966) 

(emphasis added)), and reaffirmed principles based on its precedent that 

"[t]he combination of familiar elements according to known methods is 

likely to be obvious when it does no more than yield predictable results." Id. 

The Court explained: 

When a work is available in one field of endeavor, 
design incentives and other market forces can 
prompt variations of it, either in the same field or a 
different one. If a person of ordinary skill can 
implement a predictable variation, §103 likely bars 
its patentability. For the same reason, if a 
technique has been used to improve one device, 
and a person of ordinary skill in the art would 
recognize that it would improve similar devices in 
the same way, using the technique is obvious 
unless its actual application is beyond his or her 
skill. 

Id. at 1740. The operative question in this "functional approach" is thus 
"whether the improvement is more than the predictable use of prior art 
elements according to their established functions." Id. 
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Under this framework, once an Examiner demonstrates the elements 
are known in the prior art and one of ordinary skill could combine the 
elements as claimed by known methods and would recognize that the 
capabilities or functions of the combination are predictable, then the 
Examiner has made a prima facie case the claimed subject matter is likely to 
be obvious. The burden then shifts to the Appellants to show the Examiner 
erred in these findings or to provide other evidence to show the claimed 
subject matter would have been nonobvious. 

GROUPING OF CLAIMS 
Claims 1 and 3-20 
Based on the arguments presented in Appellants' Brief, we decide the 
appeal of claims 1,9-11, 19, and 20 on the basis of claim 1. Appellants 
argued the same issues in both claim 1 and claim 1 1, the two independent 
claims from which the other claims directly depend. Based on Appellants' 
Brief arguments, we decide the appeal of claims 3-8 and 13-18 on the basis 
of claim 3 alone. Again, Appellants argued the same issues in both claim 3 
and claim 12. See 37 C.F.R. § 41.37(c)(l)(vii). 

ANALYSIS 
Claims 1 and 11 

Carlsson discloses a sequence number which is also compared to 
previous numbers (FF 5); therefore, it may be a unique number. The 
certificate, and thus the sequence number, is added to the user's IC card (or 
token) as is a private key (FF 6). Therefore, we find Carlsson teaches "each 
token having a unique ID number stored therein". 
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Burn does not teach an administrator reviewing credentials of the user 
and signing and forwarding an E-form request that includes the user ID 
number and token ID number to a Certificate Management System. Burn 
instead teaches forwarding the HTP ID # (token ID) and New User ID along 
with personal, identifying information (FF2). 

Carlsson teaches a request is sent to a CA with the user ID (FF6). A 
Certification Authority (CA) administrator is a person with authorization to 
issue user certificates (FF6) and thus, is a Tokenizing Officer. The CA 
forwards a certificate request along with a service life, a sequence number 
and the administrator's signature to a CA centre (FF6). 

Based on the above findings, it is our view that forwarding the unique 
sequence number by the CA administrator, instead of by the computer taught 
by Burn, would have been obvious to a skilled artisan. We further conclude 
the CA administrator forwarding the HTP # instead of the unique sequence 
number taught by Carlsson would have been obvious to a skilled artisan. 
Moreover, we note that Appellants arguments are directed to the Carlsson 
reference (App. Br. 7-11). The Court of Appeals for the Federal Circuit has 
determined that one cannot show nonobviousness by attacking references 
individually where the rejections are based on combinations of references. 
In re Merck & Co., 800 F.2d 1091, 1097 (Fed. Cir. 1986). 

Here, both Burn and Carlsson are directed toward security systems for 
remote users in a computer system and both utilize unique numbers for the 
tokens. Therefore, we find the elements are known in the prior art. It is our 
view that a skilled artisan would have recognized that adding a Tokenizing 
Officer to the system of Burn would have provided security and ease of use 
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at a remote location. Accordingly, based on the foregoing, we conclude that 
Appellants have not shown the Examiner erred in determining that 
combining the Tokenizing Officer of Carlsson with the system of Burn 
would have been obvious to one skilled in the art. 

Claims 3 and 12 

Carlsson teaches a certificate is revoked when it has become invalid 
(FF7). The "invalid" criteria are set by the organization (FF7). Therefore, 
we find checking for redundant tokens is taught by Carlsson. 

Redundant tokens as well as other tokens may be revoked when 
criteria set by the organization are met (FF7). Therefore, we find Carlsson 
teaches revoking any redundant tokens. 

Since Carlsson teaches checking for redundant tokens and revoking 
any such user tokens, we conclude that Appellants have not shown the 
Examiner erred in determining that a skilled artisan would have combined 
the system of Burn with the features of Carlsson to render obvious 
Appellants' claims 3 and 12. 

Claims 4-10 and 13-20 
Appellants did not separately argue claims 4-10, 13-20. Since claims 
9 and 10 depend directly from claim 1 and claims 19 and 20 depend directly 
from claim 1 1 and claims 4-8 depend directly and indirectly from claim 3 
and claims 13-18 depend directly and indirectly from claim 12, for the 
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reasons set forth above, these claims fall with claim 1 . Therefore, based on 
our discussion of claim 1 supra, Appellants have not shown the Examiner 
erred in rejecting claims 4-10 and 13-20. 

CONCLUSION OF LAW 

Appellants have not shown the Examiner erred in finding one skilled 
in the art would have been motivated to combine the Burn security system 
with the Tokenizing Officer of Carlsson. 

Appellants have not shown the Examiner erred in finding that 
Carlsson teaches checking for redundant user tokens and revoking any such 
user tokens. 

Appellants have not established the Examiner erred in rejecting claims 
1 and 3-20 as being unpatentable under 103(a) over Burn in view of 
Carlsson. 

DECISION 

The Examiner's rejection of claims 1 and 3-20 is affirmed. 
No time period for taking any subsequent action in connection with 
this appeal may be extended under 37 C.F.R. § 1.136(a)(l)(iv). 

AFFIRMED 

Pgc 
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